2024 CNCF/OSTIF Independent Security Audit Impact Report

OSTIF is proud to share the results of our 2024 security audit collaboration with the Cloud Native Computing Foundation (CNCF). Over the past three years, OSTIF and the CNCF have worked together to provide security audits for CNCF projects. These projects, as a part of the CNCF landscape, must undergo…

Continue Reading2024 CNCF/OSTIF Independent Security Audit Impact Report

OperatorFabric Audit Complete!

OSTIF is proud to share the results of our security audit of OperatorFabric. OperatorFabric is an open source industrial platform for utility operations. With the help of Quarkslab and Linux Foundation Energy (LF Energy), this project will continue to provide secure, centralized business operations for users and high-quality service to…

Continue ReadingOperatorFabric Audit Complete!

CloudCustodian Audit Complete!

OSTIF is proud to share the results of our security audit of CloudCustodian. CloudCustodian is an open source rules engine for cloud infrastructure management. Thanks to the help of Ada Logics and the Cloud Native Computing Foundation, this project underwent a third-party security audit to help strengthen CloudCustodian’s security as…

Continue ReadingCloudCustodian Audit Complete!

Securing Open-Source Infrastructure with Trail of Bits

OSTIF started performing security audits in earnest in 2018, tackling a new level of involvement open source security. That same year was OSTIF’s first collaboration with security firm Trail of Bits, working together to complete an audit of RandomX. Since then our two companies have worked together on 12 security…

Continue ReadingSecuring Open-Source Infrastructure with Trail of Bits

In-Flux-ible on bugs- Flux undergoes Security Audit with OSTIF and Trail of Bits

OSTIF is proud to announce the publication of a security audit on the Kubernetes cluster tooling Flux in collaboration with Trail of Bits. Performed over four engineer weeks, this is the second security audit with OSTIF that Flux has undertaken, the first having taken place in November 2021. Repeated security…

Continue ReadingIn-Flux-ible on bugs- Flux undergoes Security Audit with OSTIF and Trail of Bits

RustVMM Security Audit with OSTIF is Complete!

OSTIF is pleased to announce the completion of a security audit of the open source project RustVMM in collaboration with X-41 D-Sec GmbH, with funding by Amazon Web Services. The project offers crates to build customized Virtual Machine Monitors (thus, VMM), which can be vulnerable to malicious actors through its…

Continue ReadingRustVMM Security Audit with OSTIF is Complete!

Our Audits of Jackson-Core and Jackson-Databind are Complete

We’re excited to report the results for the security audits of Jackson-Core and Jackson-Databind. Jackson-Core and Jackson-Databind are Java projects that are widely adopted for parsing and binding data. The security review was facilitated by Open Source Technology Improvement Fund backed by the OpenSSF and carried out by Adalogics. The…

Continue ReadingOur Audits of Jackson-Core and Jackson-Databind are Complete